GnuTLS insufficient cert verification Vulnerability

VULNERABILITY

libcurl (when built to use GnuTLS) fails to verify that a peer's certificate
hasn't already expired or hasn't yet become valid. This allows malicious
servers to present certificates to libcurl that won't be rejected properly.

Notably, the cacert and common name checks are still in place which reduces
the risk for random servers to take advantage of this flaw.

There is no known exploit at the time of this writing.

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2007-3564 to this issue.